Endpoint Vulnerability

Bypass of tab-modal dialog origin disclosure

Description

Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site.

Affected Products

Firefox

References

CVE-2013-0794,